Cloud computing for financial institutions – regulation is not a barrier

When I attended FinTech Connect's Cloud Financial Services (Europe) conference I was really encouraged to hear from both financial institutions and their suppliers that relevant regulations do not pose an insurmountable barrier to using the cloud. Time and again speakers talked about the fact that there were no regulatory roadblocks as far as they were concerned. This is underpinned by the real drive by the FCA to promote FinTech through initiatives such as Project Innovate. One challenger bank went so far as to say that without the FCA's Proposed Guidance for firms outsourcing to the ‘cloud’ he would not be able to do what he is doing today. It seems unlikely that we will have further news from the FCA until after the referendum, but I am hopeful that it will be positive when it comes

In reality, the use of outsourcing to the cloud represents much the same challenges as any other form of material outsourcing. In the Legal Masterclass we at Hogan Lovells ran it was clear that financial institutions are already using the cloud, albeit so far in a small way compared to expectations of where this may go in the future. Institutions are, however, concerned about the difficulties of reaching agreement cloud service providers ("CSPs) in order to demonstrate compliance. They are struggling to convince CSPs that these were requirements rather than negotiating positions. This challenge will not disappear any time soon, but CSPs are starting to realise this and some of the tough negotiation points of even 12 months ago, are now being accepted by CSPs. Another useful tip was that CSPs often have financial institution specific addendums or contracts; it is just simply a matter of getting them to provide it to you!

It has been suggested that there were issues intrinsic to the use of cloud that could present challenges. These include security, and the ability to be able to find and access data. The debate seemed to suggest these issues are more myth than reality. Some CSPs suggested that cloud based solutions can actually be more secure than alternatives, and the suggestion that no one knows in which data centre your data is located was rejected and regulatory change and exit requirements can all be met. There is, of course, a cost in all of this and therein may lie the problem…

The audience comprising largely people that work in the cloud (including regulators and lawyers) were asked the question "what word comes to mind when you think of regulation" and an infographic including words such as "cost", "delay", "ever-increasing", "pain-in-the…", "challenging", was the result. My word "fun" did not make it into the graphic for some reason… It is going to be a struggle to convince people that regulation really can be fun, but what we can say is that regulation should not hold financial institutions back from using the cloud more widely across all areas of their business where they have the appropriate protections in place.

This blog post was originally published on the FinTech Connect on 6 June 2016